Disposable Email For Agents

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward disposable email skill, with the main caution that emails and attachments pass through a third-party service.

Use this for low-sensitivity testing, signups, and temporary workflows. Do not send passwords, recovery links, confidential documents, regulated data, or important account email to these inboxes, and scan or sandbox attachments before opening or processing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill encourages routing email content through a third-party disposable inbox service but does not warn users that messages, metadata, and attachments may contain sensitive information and will be processed outside the user's trusted environment. This omission can lead users or downstream agents to expose credentials, personal data, or confidential business content to an external service without informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill allows downloading email attachments and returning download URLs but provides no warning that attachments and linked files are untrusted content that may contain malware, phishing lures, or prompt-injection content. In an agent context this is more dangerous because agents may automatically fetch, parse, summarize, or open returned content, increasing the chance of unsafe follow-on actions.

VirusTotal

64/64 vendors flagged this skill as clean.
